Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-12104

Authenticated OS Command Injection in Bondix

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an auth...

SIMA GmbH Bondix Server CVE
HIGH 8.5 CVE-2025-71326

AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute c...

Avast AVAST Antivirus 25.11 CVE
HIGH 8.8 MALWAREBYTES:43...

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap_MALWAREBYTES:430DE23FF1022B331371E640A7316DE9

Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Blu...

N/A N/A MALWAREBYTES
HIGH 8.1 CVE-2026-12292

Incorrect boundary conditions in the Web Audio component

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thu...

Mozilla Firefox 140.12 CVE
HIGH 8.8 CVE-2026-12291

Use-after-free in the Networking: HTTP component

Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird ...

Mozilla Firefox 115.37 CVE
HIGH 7.5 CVE-2026-8050

CVE-2026-8050

In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it i...

SignalRGB SignalRGB kernel driver CVE
HIGH 8.8 CVE-2026-9860

Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including,...

vanyukov Offload, AI & Optimize with Cloudflare Images CVE
HIGH 7.6 CVE-2026-55746

Cotonti stored XSS via PFS folder title

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder tit...

Cotonti Cotonti 1.0.0 CVE
HIGH 8.1 CVE-2026-55744

Cotonti CSRF in PFS allows forced arbitrary file upload

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pf...

Cotonti Cotonti 1.0.0 CVE
HIGH 8.8 CVE-2026-55741

Cotonti CSRF in admin.config.php allows unauthorized configuration changes

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/a...

Cotonti Cotonti 1.0.0 CVE